Security Token Service

From Wikipedia, the free encyclopedia
A Security Token Service is a software based identity provider responsible for issuing security tokens, especially software tokens, as part of a claims-based identity system.

In a typical usage scenario, a client requests access to a secure software application, often called a relying party. Instead of the application authenticating the client, the client is redirected to an STS. The STS authenticates the client and issues a security token. Finally, the client is redirected back to the relying party and present the security token. The token is the data record in which claims are packed. The token is protected from tinkering with strong cryptology. The software application verifies that the token originated from a STS trusted by it, and then makes authorization decisions accordingly. The token is creating a chain of trust between the STS and the software application consuming the claims.

See also


This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.